malwarewikiaorg-20200223-history
Popcorn Time
Popcorn Time is a ransomware-type virus discovered by security researcher MalwareHunterTeam. It is part of the HiddenTear family. It is aimed at English-speaking users.

Payload

Following infiltration, Popcorn Time encrypts various data stored on the infected computer. During encryption, this ransomware appends the ".kok" or ".filock" extension to the names of encrypted files. Following successful encryption, Popcorn Time opens a pop-up window and creates an HTML file ("restore_your_files.html"), placing it on the desktop. Both contain ransom-demand messages.

The messages inform victims of the encryption. The decryption key is stored on a remote server owned by Popcorn Time's developers, so victims are encouraged to pay a ransom of 1 Bitcoin (approximately $750) to receive it. If the ransom is not paid within seven days, the key is permanently deleted and decryption becomes impossible.

Popcorn Time has one feature that makes it unusual amongst ransomware-type viruses: it allows victims to decrypt their files free of charge using an affiliate link provided. Victims must promote this link to other users so that their computers are infected. If at least two of these other people pay the ransom, the files are decrypted free of charge.

The ransom demand message states that Popcorn Time's developers are students from Syria. They claim that the reason they make these ransom demands is hunger in Syria. All payments are supposedly used to help refugees and impoverished people of this nation.

Text presented within Popcorn Time HTML file:

Warning Message!!
We are sorry to say that your computer and your files have been encrypted, but wait, don’t worry. There is a way that can restore your computer and all of your files.
When countdown ends your files will be lost forever.
You must send at least AMOUNT Bitcoin to our wallet and your will get your files back.
Your personal unique ID: -
Send AMOUNT BTC to this address: 1LEiPgvh6S9VEXWV2dZTytSRd7e9B1bWt3

Warning Message!!
********************
We are sorry to say that your computer and your files have been encrypted, but wait, don’t worry. There is a way that you can restore your computer and all of your files.
****************************************************************************************************
Your personal unique ID: -
You must send at least - Bitcoin to address - to get your files back
Warning! ! ! If you will not pay for the next 7 days, the decryption key will be deleted and your files will be lost forever.
****************************************************************************************************

Restoring your files - The fast and easy way
To get your files fast, please transfer - Bitcoin, to our wallet -. When we will get the money we will immediately give your your private decryption key. Payment should be confirmed in about 2 hours after payment made.

Restoring your files - The nasty way
Send the link - below to other people, if two or more people will install this files and pay, we will decrypt your files for free.

What we did?
We had encrypted all of your important images, document, videos and all other files on your computer. We used a very strong encryption algorithm that used by all governments all over the world. We store your personal decryption code to your files on our servers and we are the only ones that can decrypt your files. Please don’t try to be smart, anything other than payment will cause damage to your files and the files will be lost forever! ! ! If you will not pay for the next 7 days, the decryption key will be deleted and your files will be lost forever.

What we do that?
We are a group of computer science students from Syria, as you probably know Syria is having bad time for the last five years. Since 2011 we have more the half million people died and over 5 million refugees. Each member of our team has lost a dear from his family. I personally have lost both my parents and my little sister in 2015.
The sad part is that the world remained silent and no one helping us so we decided to take an action.

How to buy Bitcoins?
If you aren’t familiar with Bitcoin and don’t know what is it. Please visit the official Bitcoin website (https://bitcoin.org/en/getting-started), follow the steps and you’ll get your Bitcoins. To understand more you can check also on the FAQ page (https://bitcoin.org/en/faq). Please check this website (https://coinatmradar.com) where you can find Bitcoin ATM all over the world.

List of encrypted files on your computer -
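The file-system indicators given in the Payload section (the ".kok" and ".filock" extensions and the "restore_your_files.html" note) can be turned into a simple triage check over file-creation telemetry. The following is an added example, not part of the original page; the event format, process names, paths, threshold and time window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Indicators taken from the description above.
ENCRYPTED_EXTENSIONS = {".kok", ".filock"}
RANSOM_NOTE = "restore_your_files.html"

# Constructed sample events (time, process, created/renamed path); not real telemetry.
SAMPLE_EVENTS = [
    ("2020-01-01T10:00:00", "updater.exe", r"C:\Users\amy\Documents\report.docx.filock"),
    ("2020-01-01T10:00:01", "updater.exe", r"C:\Users\amy\Documents\budget.xlsx.filock"),
    ("2020-01-01T10:00:02", "updater.exe", r"C:\Users\amy\Pictures\cat.jpg.FILOCK"),
    ("2020-01-01T10:00:05", "updater.exe", r"C:\Users\amy\Desktop\restore_your_files.html"),
    ("2020-01-01T10:03:00", "notepad.exe", r"C:\Users\amy\Documents\notes.kok"),
    ("2020-01-01T10:04:00", "chrome.exe", r"C:\Users\amy\Downloads\invoice.pdf"),
]

def triage(events, threshold=3, window=timedelta(seconds=60)):
    """Flag a process that writes the note or bursts >= threshold encrypted files."""
    hits = defaultdict(list)   # process -> timestamps of encrypted-extension writes
    notes = defaultdict(list)  # process -> ransom note paths
    for ts, proc, path in events:
        p = PureWindowsPath(path)
        if p.suffix.lower() in ENCRYPTED_EXTENSIONS:
            hits[proc].append(datetime.fromisoformat(ts))
        elif p.name.lower() == RANSOM_NOTE:
            notes[proc].append(path)
    findings = {}
    for proc in set(hits) | set(notes):
        times = sorted(hits[proc])
        # Sliding window: largest number of encrypted writes within `window`.
        burst, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        findings[proc] = {
            "encrypted_files": len(times),
            "max_burst": burst,
            "ransom_note": notes[proc],
            "flagged": bool(notes[proc]) or burst >= threshold,
        }
    return findings

if __name__ == "__main__":
    for proc, finding in triage(SAMPLE_EVENTS).items():
        print(proc, finding)
```

A single file with a matching extension (the notepad.exe event) is reported but not flagged, which keeps an isolated name collision from raising an alert.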